#!/bin/sh /etc/rc.common
# Copyright (C) 2015
# Must keep author's information if you use this file.
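# Boot-order value consumed by /etc/rc.common.
START=50

# Directory that holds the generated undo script (guest_del).
HISTORY_DIR="/etc/config/guestwifi"
[ -e "$HISTORY_DIR" ] || mkdir -p "$HISTORY_DIR"

# Read one option of the first guest-wifi section.
# The UCI path is quoted on purpose: unquoted, "[0]" is a glob bracket
# expression, so pathname expansion could rewrite the argument if a matching
# file name existed in the current directory.
# Arguments: $1 - option name
# Outputs:   whatever `uci get` prints for that option
_guestwifi_opt() {
  uci get "guest-wifi.@guest-wifi[0].$1"
}

enabled=$(_guestwifi_opt enable)
wifi_name=$(_guestwifi_opt wifi_name)
interface_name=$(_guestwifi_opt interface_name)
encryption=$(_guestwifi_opt encryption)
# passwd is the guest network key in clear text; keep it out of traces and logs.
passwd=$(_guestwifi_opt passwd)
interface_ip=$(_guestwifi_opt interface_ip)
isolate=$(_guestwifi_opt isolate)
start=$(_guestwifi_opt start)
limit=$(_guestwifi_opt limit)
leasetime=$(_guestwifi_opt leasetime)
device=$(_guestwifi_opt device)
create=$(_guestwifi_opt create)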
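# Bring the guest network up.
# Does nothing (and reports success) unless the 'enable' option is 1.
# When 'create' is 1 the interface, SSID, DHCP pool and firewall entries are
# generated first and the network is restarted; afterwards 'create' is reset
# to 0 and the 'disabled' flag is removed from the guest wifi-iface.
# Globals: enabled, create, interface_name, HISTORY_DIR (read)
# Returns: 0 when disabled, 1 on an invalid interface_name, otherwise the
#          status of the final `wifi` call
start() {
  # Quoted so an unset option compares as "" instead of breaking `[`.
  [ "$enabled" = 1 ] || return 0

  # interface_name becomes a UCI section name and is written verbatim into
  # the undo script that stop() later executes, so only identifier characters
  # are accepted before anything is generated.
  case "$interface_name" in
    '' | *[!A-Za-z0-9_]*)
      echo "guest-wifi: invalid interface_name '$interface_name'" >&2
      return 1
      ;;
  esac

  if [ "$create" = 1 ]; then
    [ -f "${HISTORY_DIR}/guest_del" ] || echo "#! /bin/sh" > "${HISTORY_DIR}/guest_del"
    chmod 0755 "${HISTORY_DIR}/guest_del"
    add_interface
    add_ssid
    mod_dhcp
    mod_fw
    /etc/init.d/network restart
  fi

  uci set "guest-wifi.@guest-wifi[0].create=0"
  uci commit guest-wifi
  uci del "wireless.$interface_name.disabled"
  uci commit wireless
  wifi
}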
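# Print the index N of the first firewall rule whose name is exactly $1.
# Only the "@rule[N]" prefix of the matching line is parsed, so digits inside
# the rule name (for example an SSID such as "Guest5G") cannot leak into the
# index. Prints nothing when no rule matches.
_guestwifi_rule_index() {
  local label="$1" line idx
  uci show firewall | while IFS= read -r line; do
    case "$line" in
      "firewall.@rule["*"].name='$label'" | "firewall.@rule["*"].name=$label")
        idx=${line#"firewall.@rule["}
        printf '%s\n' "${idx%%"]"*}"
        break
        ;;
    esac
  done
}

# Take the guest network down.
# Does nothing (and reports success) unless the 'enable' option is 0.
# When 'create' is 1 the generated undo script is run, the three guest
# firewall rules are removed and the network is restarted; afterwards
# 'create' is reset to 0 and the guest wifi-iface is marked disabled.
# Globals: enabled, create, wifi_name, interface_name, HISTORY_DIR (read)
# Returns: 0 when not applicable, otherwise the status of the final `wifi`
stop() {
  local label idx

  # Quoted so an unset option compares as "" instead of breaking `[`.
  [ "$enabled" = 0 ] || return 0

  if [ "$create" = 1 ]; then
    # The undo script deletes firewall zone/forwarding sections by position.
    # It is run exactly once: a second pass would re-issue the same
    # positional deletes and could remove whichever unrelated section has
    # moved into that slot.
    [ -x "${HISTORY_DIR}/guest_del" ] && "${HISTORY_DIR}/guest_del"

    for label in \
      "Hide My LAN for $wifi_name" \
      "Allow DHCP request for $wifi_name" \
      "Allow DNS Queries for $wifi_name"; do
      idx=$(_guestwifi_rule_index "$label")
      # Never issue a delete without a clean numeric index.
      case "$idx" in
        '' | *[!0-9]*) continue ;;
      esac
      uci del "firewall.@rule[$idx]"
      uci commit firewall
    done

    rm -f -- "${HISTORY_DIR}/guest_del"
    /etc/init.d/network restart
  fi

  uci set "guest-wifi.@guest-wifi[0].create=0"
  uci commit guest-wifi
  uci set "wireless.$interface_name.disabled=1"
  uci commit wireless
  wifi
}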
# Run stop, pause for two seconds, then run start.
# Returns: the status of start.
restart() {
  stop
  sleep 2
  start
}
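# Create the static guest network interface unless its address is already
# present in the network configuration, and record the matching delete
# commands in the undo script.
# Globals: interface_name, interface_ip, HISTORY_DIR (read)
# Returns: 1 on an invalid interface_name, 0 when nothing had to be created,
#          otherwise the status of `uci commit network`
add_interface() {
  # interface_name is appended verbatim to a script that is executed later,
  # so anything other than identifier characters is refused here.
  case "$interface_name" in
    '' | *[!A-Za-z0-9_]*)
      echo "guest-wifi: invalid interface_name '$interface_name'" >&2
      return 1
      ;;
  esac

  # -F matches the address literally; as a regex every "." would match any
  # character and report an address that is not actually configured.
  # This is still a substring test, as before.
  if uci show network | grep -qF -- "$interface_ip"; then
    return 0
  fi

  uci set "network.$interface_name=interface"
  uci set "network.$interface_name.proto=static"
  uci set "network.$interface_name.ipaddr=$interface_ip"
  uci set "network.$interface_name.netmask=255.255.255.0"
  echo "uci del network.$interface_name" >> "${HISTORY_DIR}/guest_del"
  echo "uci commit network" >> "${HISTORY_DIR}/guest_del"
  uci commit network
}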
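# Create the guest wifi-iface (access-point mode) unless the SSID text is
# already present in the wireless configuration, and record the matching
# delete commands in the undo script.
# Globals: interface_name, wifi_name, device, encryption, isolate, passwd,
#          HISTORY_DIR (read)
# Returns: 1 on an invalid interface_name, 0 when nothing had to be created,
#          otherwise the status of `uci commit wireless`
add_ssid() {
  # interface_name is appended verbatim to a script that is executed later,
  # so anything other than identifier characters is refused here.
  case "$interface_name" in
    '' | *[!A-Za-z0-9_]*)
      echo "guest-wifi: invalid interface_name '$interface_name'" >&2
      return 1
      ;;
  esac

  # -F matches the SSID literally; as a regex, characters such as "[" or "."
  # in the SSID would either fail to compile or match unrelated text.
  if uci show wireless | grep -qF -- "$wifi_name"; then
    return 0
  fi

  uci set "wireless.$interface_name=wifi-iface"
  uci set "wireless.$interface_name.device=$device"
  uci set "wireless.$interface_name.mode=ap"
  uci set "wireless.$interface_name.network=$interface_name"
  uci set "wireless.$interface_name.ssid=$wifi_name"
  uci set "wireless.$interface_name.encryption=$encryption"
  uci set "wireless.$interface_name.isolate=$isolate"
  if [ "$encryption" != "none" ]; then
    # NOTE(review): the key is stored as configured; its length and strength
    # are not checked here, and it is passed as a command-line argument.
    uci set "wireless.$interface_name.key=$passwd"
  fi
  echo "uci del wireless.$interface_name" >> "${HISTORY_DIR}/guest_del"
  echo "uci commit wireless" >> "${HISTORY_DIR}/guest_del"
  uci commit wireless
}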
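# Create the DHCP pool for the guest interface unless a dhcp section with
# that name already exists, and record the matching delete commands in the
# undo script.
# Globals: interface_name, start, limit, leasetime, HISTORY_DIR (read)
# Returns: 1 on an invalid interface_name, 0 when nothing had to be created,
#          otherwise the status of `uci commit dhcp`
mod_dhcp() {
  # interface_name is appended verbatim to a script that is executed later,
  # so anything other than identifier characters is refused here.
  case "$interface_name" in
    '' | *[!A-Za-z0-9_]*)
      echo "guest-wifi: invalid interface_name '$interface_name'" >&2
      return 1
      ;;
  esac

  # Whole-line literal match: a substring test would treat a section such as
  # "dhcp.my<name>=dhcp" as this one and skip creating the pool.
  if uci show dhcp | grep -qxF -- "dhcp.$interface_name=dhcp"; then
    return 0
  fi

  uci set "dhcp.$interface_name=dhcp"
  uci set "dhcp.$interface_name.interface=$interface_name"
  uci set "dhcp.$interface_name.start=$start"
  uci set "dhcp.$interface_name.limit=$limit"
  uci set "dhcp.$interface_name.leasetime=$leasetime"
  echo "uci del dhcp.$interface_name" >> "${HISTORY_DIR}/guest_del"
  echo "uci commit dhcp" >> "${HISTORY_DIR}/guest_del"
  uci commit dhcp
}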
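# Print the prefix length for the dotted-decimal netmask $1.
# Fails (with a message on stderr) on an empty mask, on characters other than
# digits and dots, and on any octet that is not a valid netmask value.
# NOTE(review): octets are summed independently, so a non-contiguous mask is
# not detected.
_guestwifi_mask_to_prefix() {
  local mask="$1" octet bits=0
  case "$mask" in
    '' | *[!0-9.]*)
      echo "Error: $mask can not be recognised as netmask decimal." >&2
      return 1
      ;;
  esac
  # IFS is changed only inside this helper, so the caller keeps normal
  # word splitting.
  local IFS=.
  for octet in $mask; do
    case "$octet" in
      255) bits=$((bits + 8)) ;;
      254) bits=$((bits + 7)) ;;
      252) bits=$((bits + 6)) ;;
      248) bits=$((bits + 5)) ;;
      240) bits=$((bits + 4)) ;;
      224) bits=$((bits + 3)) ;;
      192) bits=$((bits + 2)) ;;
      128) bits=$((bits + 1)) ;;
      0) ;;
      *)
        echo "Error: $octet can not be recognised as netmask decimal." >&2
        return 1
        ;;
    esac
  done
  printf '%s\n' "$bits"
}

# Succeed when the firewall configuration already holds a rule named
# exactly $1.
_guestwifi_fw_has_rule() {
  uci show firewall | grep -F -- '@rule[' | grep -qF -- ".name='$1'"
}

# Create the guest firewall policy, skipping every piece that already exists:
#   - a zone named after the interface (input/forward REJECT, output ACCEPT)
#   - a forwarding from that zone to 'wan'
#   - a rule accepting port 53 (tcp+udp) from the guest zone
#   - a rule accepting udp ports 67-68 from the guest zone
#   - a rule rejecting guest traffic addressed to the LAN subnet
# Delete commands for the zone and the forwarding are appended to the undo
# script; the three rules are not recorded there.
# Globals: interface_name, wifi_name, HISTORY_DIR (read)
# Exits the script with status 1 when the LAN address or netmask cannot be
# turned into a subnet.
mod_fw() {
  local zone_idx fwd_idx label lan_ip lan_mask prefix

  # Positions the new zone/forwarding will occupy; needed for the undo script.
  # NOTE(review): the undo commands address sections by position, so they
  # point at a different section if zones or forwardings are added or removed
  # before the undo script runs.
  zone_idx=$(uci show firewall | grep -c '=zone$')
  fwd_idx=$(uci show firewall | grep -c '=forwarding$')

  # Literal matches (-F) restricted to zone lines; the quote characters are
  # part of the `uci show` output and are not regex syntax here.
  if ! uci show firewall | grep -F -- '@zone[' |
    grep -qF -- ".name='$interface_name'"; then
    uci add firewall zone > /dev/null
    echo "uci del firewall.@zone[$zone_idx]" >> "${HISTORY_DIR}/guest_del"
    echo "uci commit firewall" >> "${HISTORY_DIR}/guest_del"
    # [-1] addresses the section that was just appended, independent of the
    # count taken above.
    uci set "firewall.@zone[-1].name=$interface_name"
    uci set "firewall.@zone[-1].network=$interface_name"
    uci set 'firewall.@zone[-1].forward=REJECT'
    uci set 'firewall.@zone[-1].output=ACCEPT'
    uci set 'firewall.@zone[-1].input=REJECT'
    uci commit firewall
  fi

  if ! uci show firewall | grep -F -- '@forwarding[' |
    grep -qF -- ".src='$interface_name'"; then
    uci add firewall forwarding > /dev/null
    echo "uci del firewall.@forwarding[$fwd_idx]" >> "${HISTORY_DIR}/guest_del"
    echo "uci commit firewall" >> "${HISTORY_DIR}/guest_del"
    uci set "firewall.@forwarding[-1].src=$interface_name"
    uci set 'firewall.@forwarding[-1].dest=wan'
    uci commit firewall
  fi

  label="Allow DNS Queries for $wifi_name"
  if ! _guestwifi_fw_has_rule "$label"; then
    uci add firewall rule > /dev/null
    uci set "firewall.@rule[-1].name=$label"
    uci set "firewall.@rule[-1].src=$interface_name"
    uci set 'firewall.@rule[-1].dest_port=53'
    uci set 'firewall.@rule[-1].proto=tcpudp'
    uci set 'firewall.@rule[-1].target=ACCEPT'
    uci commit firewall
  fi

  label="Allow DHCP request for $wifi_name"
  if ! _guestwifi_fw_has_rule "$label"; then
    uci add firewall rule > /dev/null
    uci set "firewall.@rule[-1].name=$label"
    uci set "firewall.@rule[-1].src=$interface_name"
    uci set 'firewall.@rule[-1].src_port=67-68'
    uci set 'firewall.@rule[-1].dest_port=67-68'
    uci set 'firewall.@rule[-1].proto=udp'
    uci set 'firewall.@rule[-1].target=ACCEPT'
    uci commit firewall
  fi

  label="Hide My LAN for $wifi_name"
  if ! _guestwifi_fw_has_rule "$label"; then
    # Resolve the LAN subnet before anything is staged, so a bad value aborts
    # without leaving a half-configured rule in the pending changes.
    lan_ip=$(uci get network.lan.ipaddr)
    lan_mask=$(uci get network.lan.netmask)
    if [ -z "$lan_ip" ]; then
      echo "Error: network.lan.ipaddr is empty, cannot build the LAN subnet." >&2
      exit 1
    fi
    prefix=$(_guestwifi_mask_to_prefix "$lan_mask") || exit 1

    uci add firewall rule > /dev/null
    uci set 'firewall.@rule[-1].enabled=1'
    uci set "firewall.@rule[-1].name=$label"
    uci set 'firewall.@rule[-1].proto=all'
    uci set "firewall.@rule[-1].src=$interface_name"
    uci set "firewall.@rule[-1].dest_ip=$lan_ip/$prefix"
    uci set 'firewall.@rule[-1].target=REJECT'
    uci commit firewall
  fi
}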